102 lines
3.4 KiB
Diff
102 lines
3.4 KiB
Diff
diff -ruNp curl-7.19.5.orig/lib/nss.c curl-7.19.5/lib/nss.c
|
|
--- curl-7.19.5.orig/lib/nss.c 2009-05-11 11:13:49.000000000 +0200
|
|
+++ curl-7.19.5/lib/nss.c 2009-07-10 13:26:15.000000000 +0200
|
|
@@ -786,7 +786,8 @@ static SECStatus SelectClientCert(void *
|
|
struct CERTCertificateStr **pRetCert,
|
|
struct SECKEYPrivateKeyStr **pRetKey)
|
|
{
|
|
- SECKEYPrivateKey *privKey;
|
|
+ SECKEYPrivateKey *privKey = NULL;
|
|
+ CERTCertificate *cert;
|
|
struct ssl_connect_data *connssl = (struct ssl_connect_data *) arg;
|
|
char *nickname = connssl->client_nickname;
|
|
void *proto_win = NULL;
|
|
@@ -799,36 +800,32 @@ static SECStatus SelectClientCert(void *
|
|
if(!nickname)
|
|
return secStatus;
|
|
|
|
- connssl->client_cert = PK11_FindCertFromNickname(nickname, proto_win);
|
|
- if(connssl->client_cert) {
|
|
-
|
|
+ cert = PK11_FindCertFromNickname(nickname, proto_win);
|
|
+ if(cert) {
|
|
if(!strncmp(nickname, "PEM Token", 9)) {
|
|
CK_SLOT_ID slotID = 1; /* hardcoded for now */
|
|
char slotname[SLOTSIZE];
|
|
snprintf(slotname, SLOTSIZE, "PEM Token #%ld", slotID);
|
|
slot = PK11_FindSlotByName(slotname);
|
|
- privKey = PK11_FindPrivateKeyFromCert(slot, connssl->client_cert, NULL);
|
|
+ privKey = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
|
|
PK11_FreeSlot(slot);
|
|
if(privKey) {
|
|
secStatus = SECSuccess;
|
|
}
|
|
}
|
|
else {
|
|
- privKey = PK11_FindKeyByAnyCert(connssl->client_cert, proto_win);
|
|
+ privKey = PK11_FindKeyByAnyCert(cert, proto_win);
|
|
if(privKey)
|
|
secStatus = SECSuccess;
|
|
}
|
|
}
|
|
|
|
- if(secStatus == SECSuccess) {
|
|
- *pRetCert = connssl->client_cert;
|
|
- *pRetKey = privKey;
|
|
- }
|
|
- else {
|
|
- if(connssl->client_cert)
|
|
- CERT_DestroyCertificate(connssl->client_cert);
|
|
- connssl->client_cert = NULL;
|
|
- }
|
|
+ *pRetCert = cert;
|
|
+ *pRetKey = privKey;
|
|
+
|
|
+ /* There's no need to destroy either cert or privKey as
|
|
+ * NSS will do that for us even if returning SECFailure
|
|
+ */
|
|
|
|
return secStatus;
|
|
}
|
|
@@ -912,14 +909,14 @@ void Curl_nss_close(struct connectdata *
|
|
free(connssl->client_nickname);
|
|
connssl->client_nickname = NULL;
|
|
}
|
|
- if(connssl->client_cert)
|
|
- CERT_DestroyCertificate(connssl->client_cert);
|
|
+#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
if(connssl->key)
|
|
(void)PK11_DestroyGenericObject(connssl->key);
|
|
if(connssl->cacert[1])
|
|
(void)PK11_DestroyGenericObject(connssl->cacert[1]);
|
|
if(connssl->cacert[0])
|
|
(void)PK11_DestroyGenericObject(connssl->cacert[0]);
|
|
+#endif
|
|
connssl->handle = NULL;
|
|
}
|
|
}
|
|
@@ -955,10 +952,11 @@ CURLcode Curl_nss_connect(struct connect
|
|
if (connssl->state == ssl_connection_complete)
|
|
return CURLE_OK;
|
|
|
|
- connssl->client_cert = NULL;
|
|
+#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
connssl->cacert[0] = NULL;
|
|
connssl->cacert[1] = NULL;
|
|
connssl->key = NULL;
|
|
+#endif
|
|
|
|
/* FIXME. NSS doesn't support multiple databases open at the same time. */
|
|
PR_Lock(nss_initlock);
|
|
diff -ruNp curl-7.19.5.orig/lib/urldata.h curl-7.19.5/lib/urldata.h
|
|
--- curl-7.19.5.orig/lib/urldata.h 2009-05-11 09:53:38.000000000 +0200
|
|
+++ curl-7.19.5/lib/urldata.h 2009-07-10 13:30:55.000000000 +0200
|
|
@@ -211,7 +211,6 @@ struct ssl_connect_data {
|
|
#ifdef USE_NSS
|
|
PRFileDesc *handle;
|
|
char *client_nickname;
|
|
- CERTCertificate *client_cert;
|
|
#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
PK11GenericObject *key;
|
|
PK11GenericObject *cacert[2];
|